Privacy Policy
Last updated: February 27, 2026
1. Introduction & Data Controller
Recensio.ai ("Recensio", "we", "us", or "our") is a reputation management platform that helps business owners monitor and respond to their Google Business Profile reviews using AI-assisted drafting.
Data Controller:
Recensio.ai
Email: info@recensio.ai
Privacy inquiries: support@recensio.ai
This Privacy Policy explains how we collect, use, store, and share your information when you use our platform at https://recensio.ai.
2. Data We Collect
2.1 Account Data
- Email address
- Full name
- Password (hashed, never stored in plain text)
- Language preference
2.2 Business Data
- Business name and type
- Tone and custom instructions for AI response generation
- WhatsApp phone number (optional, for notifications)
2.3 Google Business Profile Data
When you connect your Google Business Profile via OAuth 2.0, we access the following data using the business.manage scope:
- Your Google Business Profile reviews (author name, rating, review text, date)
- Your existing review responses
- Basic business profile information (name, location)
We also store:
- An encrypted Google OAuth refresh token (AES-256-GCM encryption) to maintain your connection
2.4 AI-Generated Data
- AI-generated draft responses to reviews
- Your edits and corrections to AI drafts (used to improve response quality for your account)
- AI analysis results (sentiment, categories, urgency classification) — this analysis is performed solely to provide you with actionable insights in your dashboard. It is never used for advertising profiling, market research, or shared with any third party
2.5 Payment Data
Payment processing is handled entirely by Stripe. We do not store credit card numbers or payment details. Stripe may store your payment information in accordance with their own privacy policy.
2.6 Usage Data
- Log data (IP address, browser type, access times)
- Feature usage patterns within the dashboard
3. How We Use Your Data
We use your data exclusively to provide and improve the Recensio service:
- Read your reviews: We retrieve reviews from your Google Business Profile to display them in your dashboard.
- Generate AI draft responses: We send the review text, your business type, tone preference, and custom instructions to our AI provider (Anthropic Claude) to generate draft responses. We do NOT send your personal data, Google refresh token, or payment information to the AI.
- Publish approved responses: Only after your explicit approval (via dashboard or WhatsApp), we publish the response to your Google Business Profile.
- Send notifications: We notify you of new reviews via WhatsApp (Twilio) and/or email (Resend).
- Generate analytics and reports: We aggregate your review data to provide insights and PDF reports.
- Process payments: We use Stripe to manage subscriptions and billing.
We do NOT use your data for advertising purposes.
We do NOT sell your data to third parties.
We do NOT use your Google data for purposes unrelated to the Recensio service.
4. Google API Disclosure & Limited Use
Recensio's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Access: We only request the business.manage scope, which is the minimum necessary to read reviews and publish approved responses on your behalf.
- Use: Google data is used solely to display reviews, generate AI-assisted draft responses, and publish your approved responses. It is never used for advertising or any purpose unrelated to the Recensio service.
- Storage: Your Google refresh token is encrypted using AES-256-GCM and stored in our database hosted in Frankfurt, Germany (EU). Review data is stored for as long as your account is active.
- Sharing: Google data is not sold or shared with third parties. The only processing of review text by a third party occurs when it is sent to Anthropic's Claude API for response generation. No personally identifiable information is included in these API calls.
You can disconnect your Google Business Profile and revoke Recensio's access at any time through the Settings page in your dashboard.
5. Data Storage & Security
- Database location: Supabase PostgreSQL, Frankfurt, Germany (EU)
- Application hosting: Vercel, Frankfurt region (EU)
- Encryption: Google OAuth tokens are encrypted at rest using AES-256-GCM
- Access control: Row-Level Security (RLS) ensures users can only access their own data
- Transport security: All data in transit is encrypted via HTTPS/TLS
6. Third-Party Sub-Processors
We use the following third-party services to operate Recensio:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database & authentication | Account data, business data, reviews | Frankfurt, DE (EU) |
| Vercel | Application hosting | All data processed through the app | Frankfurt, DE (EU) |
| Anthropic (Claude) | AI response generation | Review text, business type, tone, instructions | US |
| Stripe | Payment processing | Email, payment details | US/EU |
| Twilio | WhatsApp notifications | Phone number, notification content | US |
| Resend | Email notifications | Email address, notification content | EU (Ireland) |
All sub-processors are bound by data processing agreements and maintain appropriate security measures.
For sub-processors located outside the European Union (Anthropic, Stripe, Twilio), data transfers are protected by Standard Contractual Clauses (SCCs) and/or the EU-U.S. Data Privacy Framework, in accordance with GDPR Chapter V requirements.
We process your data based on:
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Recensio service as agreed when you create your account.
- Consent (Art. 6(1)(a) GDPR): For connecting your Google Business Profile via OAuth. You can withdraw consent at any time by disconnecting your profile.
- Legitimate interest (Art. 6(1)(f) GDPR): For service improvement and security measures.
8. Your Rights
Under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing of your data
- Data portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent at any time (including disconnecting your Google Business Profile)
To exercise any of these rights, contact us at support@recensio.ai. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority.
9. Data Retention
- Account data: Retained for as long as your account is active. Upon account deletion, all personal data is deleted within 30 days.
- Google refresh token: Deleted immediately when you disconnect your Google Business Profile.
- Review data: Retained for as long as your account is active. Deleted within 30 days of account deletion.
- AI-generated responses and corrections: Retained for as long as your account is active. Deleted within 30 days of account deletion.
- Payment records: Retained as required by applicable tax and accounting laws.
10. Cookies
Recensio uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or analytics cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice on our platform. The "Last updated" date at the top indicates the most recent revision.
12. Contact
For any questions about this Privacy Policy or your data:
Email: support@recensio.ai
General inquiries: info@recensio.ai